Andrew Lentvorski wrote:
Taking out DNS won't stop the internet--everything communicates via IP
underneath. Everybody would just switch to IP numbers until an
alternative came up. Given the number of characters in some of these
domains, IP numbers would be an improvement.
For all practical purposes it would stop the Internet. Sure, it's all IP
underneath. But the Internet transactions I care about are all human
initiated such as sending and receiving emails and getting web pages. If
the root name servers went down right now how would you conduct your
normal Internet business? Some of us might be able to salvage some
things from our local DNS cache and write them down. But the vast
majority of the net would be SOL.
1) Physical links--90+% of Internet traffic in North America probably
passes through a small number of optic fiber bundles. Backhoe failure
is a wonderful way to kill traffic.
Whenever I go hiking or camping I always take a piece of fiber optic
cable with me. If I get lost I just bury the cable and then wait for a
backhoe to come dig it up. Then I ride the backhoe back to town.
2) Exchange points--Does the vast majority of Internet traffic still go
through the MAEs--MAE East, Central, and West?
It has become a lot less centralized.
3) Router infrastructure--Compromising IOS would kill all the core
routers. Monocultures suck.
This is true. The Juniper routers would be ok though. How many different
router implementations would we need in order to prevent any significant
part of the net from going down if any one kind of router were
compromised? I doubt it would be practical to have a dozen different
makers of really big core routers.
Number 3 is the most dangerous. Number 4 is the most probable. Number
5 is the only one easily fixed.
Yep. And in a way I am looking forward to the day it happens. So far
nobody really takes security seriously. We just haven't had a real
problem yet.
--
Tracy R Reed http://ultraviolet.org
A: Because we read from top to bottom, left to right
Q: Why should I start my reply below the quoted text
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
